HOWTO Configure a Telnet Client to Operate Through a Firewall (Cirrus for Windows)

[dog]"Dude" explained this to me. He comes into the office with me on the weekends. I got this to work on a weekend. Coincidence? I think not.

Update 7-2006, I hadn't used this for a while and when I looked it up, found my own page. Unfortunately Dude is no longer around (sadly, last week) so I can't ask him if it still works.


GTE Cirrus software for DUATS is used by pilots to download weather and file flight plans. (A pilot's certificate required.)

Cirrus is a Telnet client which is designed to run through either a dialup connection or a direct TCP/IP connection to the Internet. The internet connection is a telnet session, and so the communications side of the software is a telnet client. Presumably one could use the interactive part of Cirrus as a general telnet client.

This should also work for other dedicated telnet clients.

The Problem

The Cirrus software has no provision for porting through a firewall. Well, almost, since its IP address can be changed. Its default IP address (for the host) is <>, running through port 23 (the standard Telnet default port). If you are running through a firewall, you probably have to connect to the proxy server (firewall) first and then connect to the <> address. If you try to connect directly to the <> address, it won't work.

There are four ways to correct this:

  1. Have the proxy server recognize any calls for <> and relay these calls. This is apparently what GTE does.
  2. Define the telnet connection as that of your proxy server, and then connect manually through the Cirrus interactive session function.
  3. (I don't think this works, but you can try it.) First connect manually to your proxy server (firewall) through the Cirrus interactive session. Then execute the Cirrus automated session function while still connected. Like I say, this probably won't work because even if you can manually open the telnet session and Cirrus executes over the open telnet session, it may be using standard commands not recognised by your particular proxy server.
  4. Define an address at the proxy server as and then have your client address the proxy server. This document explains this third methoud.

Defining the Address at the Proxy Server

This is a typical setup, using Wingate:

On proxy server:

  1. Add a new service, defined as (, port 23). This requires administrator privileges.
  2. Make the service accessible through port 2301 (or any other number, but 2301 will be understood to mean the first dedicated telnet port on the system.)
  3. Uncheck "logon sequence" since users should not logon to the proxy server to reach this service.

On client computer: Change to read, port 2301 .

<> is typically the IP address given to a LAN server and is not used on the internet. The IP address of the server should be obvious by looking at the "proxy" settings of your internet browser. In Netscape, this is at "Edit-->Preferences-->Advanced-->(+)-->Proxies".

That's it.

Alternate Proxy Definition

If you do not wish to define your proxyserver as, just set Cirrus to whatever name you give your proxyserver, i.e., "wg_host". On Wingate, if you're using a name, it needs to be defined in the hosts file in C:\windows (on the computer with the server). The address is probably already there.

If You Don't Have Admin. Privileges.

Pretty much the same thing, except you need to ask the MIS people to:

  1. Set up a telnet proxy to (or whatever port the system uses for telnet -- 23 is standard). The proxy should give privileges to everybody (or all users). This is explained above.
  2. Set the proxy so that there is no logon sequence (i.e., the service just proxies to that "131..." IP address.
  3. Let you know how you should address it, such as the (server address, port 2301) given above.
  4. Tell him/her/it that your software doesn't know firewalls, so the proxy address is necessary. If you just use Cirrus' IP address, the LAN won't recognize the address.

Then set up Cirrus accordingly.

Other Problems

One Other Alternative

There is a webpage for retrieving DUATS information. Bookmark lights.chtm.unm.edu/~sarangan/aviation/duats/duats.html.

back to...

Stan Protigal

Originally posted 2-99; updated 10-Jul-06

SCN Home Page
Seattle Community Network
SCN Member Pages

Written by Stan Protigal, using WordPerfect 5.1 Compatible - works with Any Damn Browser.